Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
SRX5308 IPSEC VPN Problems
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-05-01
09:35 AM
2014-05-01
09:35 AM
SRX5308 IPSEC VPN Problems
Hi,
yesterday I replaced a FVS336Gv2 (3.x Firmware) with a SRX5308 (4.3.1-22).
2 WANs are configured, WAN2 with static public IP-Adress is used for all VPNs.
VPNs are configured to other FVS336, SRX5308, a Fritzbox and Client VPNs (Android NCP and Shrew Soft VPN on Windows)
On the FVS336 all VPNs were running for months/years with no problems.
Since the replacement of the device I have nothing but problems.
I configured all IPSEC-VPNs identically to them on the FVS336.
Now (after 20h of making nothing but testing different configurations) 4 of the LAN-LAN-Configs are running.
But I don't know, how stable those connections are.
Some others have problems to connect.
Errors are f.e.
The worst is, that I can not connect with Clients to several SRX5308 (Firmware 4.x).
I'm using Shrew soft on Windows Clients and NCP for Android on smartphones.
Today I contacted the Netgear support due to this issue (Case # 23146500)
The supporter tried to connect to one of my SRX5308 with his iphone and failed.
In his lab he had the same result,connecting to SRX5308 with iphone.
I have the following errors:
Android 4.4.3 and NCP-Client:
Windows 7/8 with Shrew Soft VPN Client 2.2.0:
Is here someone who can help me?
yesterday I replaced a FVS336Gv2 (3.x Firmware) with a SRX5308 (4.3.1-22).
2 WANs are configured, WAN2 with static public IP-Adress is used for all VPNs.
VPNs are configured to other FVS336, SRX5308, a Fritzbox and Client VPNs (Android NCP and Shrew Soft VPN on Windows)
On the FVS336 all VPNs were running for months/years with no problems.
Since the replacement of the device I have nothing but problems.
I configured all IPSEC-VPNs identically to them on the FVS336.
Now (after 20h of making nothing but testing different configurations) 4 of the LAN-LAN-Configs are running.
But I don't know, how stable those connections are.
Some others have problems to connect.
Errors are f.e.
[SRX5308] [IKE] ERROR: Invalid SA protocol type: 0
The worst is, that I can not connect with Clients to several SRX5308 (Firmware 4.x).
I'm using Shrew soft on Windows Clients and NCP for Android on smartphones.
Today I contacted the Netgear support due to this issue (Case # 23146500)
The supporter tried to connect to one of my SRX5308 with his iphone and failed.
In his lab he had the same result,connecting to SRX5308 with iphone.
I have the following errors:
Android 4.4.3 and NCP-Client:
Could not contact Gateway (no response) in state
Windows 7/8 with Shrew Soft VPN Client 2.2.0:
[SRX5308] [IKE] ERROR: Could not find configuration for
Is here someone who can help me?
Message 1 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-05-01
10:38 AM
2014-05-01
10:38 AM
Re: SRX5308 IPSEC VPN Problems
In his lab he had the same result,connecting to SRX5308 with iphone.
This should flag you that you need to deal with support 🙂
Message 2 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-05-02
03:40 AM
2014-05-02
03:40 AM
Re: SRX5308 IPSEC VPN Problems
Update:
Just to remember:
All connections worked fine with FVS336Gv2 (3.x firmware).
Message 3 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-05-13
01:38 PM
2014-05-13
01:38 PM
Re: SRX5308 IPSEC VPN Problems
Hi
all problems are now solved.
Issues with LAN-LAN-VPNs wouldn't occur with Beta-Firmware 4.1.3.28, got from Netgear Support.
Client-VPN are working to.
Have to use FQDN as ID for the gateway, not IP-Adress
all problems are now solved.
Issues with LAN-LAN-VPNs wouldn't occur with Beta-Firmware 4.1.3.28, got from Netgear Support.
Client-VPN are working to.
Have to use FQDN as ID for the gateway, not IP-Adress
Message 4 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-05-25
05:28 AM
2014-05-25
05:28 AM
Re: SRX5308 IPSEC VPN Problems
I have the same problem with VPN LAN-LAN after update to firmware 4.3.1-22
We need to restart SRX5308 devices each 2-3 hours to maintain VPN LAN-LAN functionality! We use SRX5308 firewalls with 4.3.1-22 firmware and FVS318G with 3.1.1-14 firmware.
In VPN Log appears string:
[IKE] ERROR: Phase 1 negotiation failed due to time up for
We need to restart SRX5308 devices each 2-3 hours to maintain VPN LAN-LAN functionality! We use SRX5308 firewalls with 4.3.1-22 firmware and FVS318G with 3.1.1-14 firmware.
In VPN Log appears string:
[IKE] ERROR: Phase 1 negotiation failed due to time up for
Message 5 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2014-06-02
12:07 AM
2014-06-02
12:07 AM
Re: SRX5308 IPSEC VPN Problems
goscho wrote: Hi
all problems are now solved.
Issues with LAN-LAN-VPNs wouldn't occur with Beta-Firmware 4.1.3.28, got from Netgear Support.
Client-VPN are working to.
Have to use FQDN as ID for the gateway, not IP-Adress
They gave you the 4.3.1-28 beta firmware. I am using 4.3.1-22 and so far so good.
Would be interested to know what has been updated in the 4.3.1-28 beta firmware?
Message 6 of 6